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Box No. I Basis of the report 

1. With regard to the language, this report is based on the international application In the language in which it was 
filed, unless otherwise indicated under this item. 

□ This report is based on translations from the original language into the following language , 
which is the language of a translation furnished for the purposes of: 

□ international search (under Rules 12.3 and 23.1(b)) 

□ publication of the intemational application (under Rule 12.4) 

□ international preliminary examination (under Rules 55.2 andA)r 55.3) 

2. With regard to the elements* of the international application, this report is based on (replacement sheets which 
have been furnished to the receiving Office in response to an invitation under Article 14 are referred to in this 
report as "originally filed" and are not annexed to this report): 



Description, Pages 

1 -41 as originally filed 
Claims, Numbers 

1 -28 filed with telefax on 02.01 .2006 
Drawings, Sheets 

1 ^-5^ as originally filed 

□ a sequence listing and>br any related table(s) - see Supplemental Box Relating to Sequence Listing 

3. □ The amendments have resulted in the cancellation of: 

□ the description, pages 

□ the claims, Nos. 

□ the drawings, sheetsyfigs 

□ the sequence listing (specify): 

□ any table(s) related to sequence listing (specify): 

4. □ This report has been established as if (some of) the amendments annexed to this report and listed below 
had not been made, since they have been considered to go beyond the disclosure as filed, as indicated in the 
Supplemental Box (Rule 70.2(c)). 

□ the description, pages 

□ the claims, Nos. 

□ the drawings, sheets/figs 

□ the sequence listing (specify): 

□ any table(s) related to sequence listing (specify): 

* If item 4 applies, some or all of these sheets may he marked "superseded, " 
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Box No. V Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial 
applicability; citations and explanations supporting sucht statement 

1. Statement 

Novelty (N) Yes: Claims 1-28 

No: Claims 

Inventive step (IS) Yes: Claims 

No: Claims 1-28 

Industrial applicability (1 A) Yes: Claims 1-28 

No: Claims 

2. Citations and explanations (Rule 70.7): 
see separate sheet 
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Reasoned statement under Rule 66.2(a)(il) with regard to novelty, inventive step or 
industrial applicability; citations and explanations supporting such statement 



1 The following document is referred to in this communication: 

D1 : US-A-5 917 912 (GINTER KARL L ET AL) 29 June 1 999 (1 999-06-29) 
D2: WO-00/20950 (Glassbrook, 13.04.2000) 

The document D2 was not cited in the international search report. A copy of the 
document is appended hereto. 

2 The present application does not meet the requirements of Article 33(3) PCT, 
because the subject-matter of Independent claim 1 does not Involve an inventive 
step. 



2.1 Document D1 is regarded as being the closest prior art source to the subject-matter 
of claim 1 . 



Claim 1 


Document Dl 


Method for control of usage of 
content, wherein protected content 
exists being usage restricted by one or 
more first usage rights specifying one 
or more usage restrictions and/or one 
or more usage pemiissions of the 
protected content at a user device 
(Dl), the method comprising the steps 
of 


"VDE content creator / Rules & control" Fig. 
2 

"This reflective distributed processing 
mechanism permits ROS 602 to securely 
distribute rights and permissions In a 
controlled manner, and effectively restrict 
the characteristics of use of information 
content." col. 76, lines 28-31 
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obtaining the content at the user 
device (Dl) from the protected content 
in accordance with the one or more 
first usage rights by decrypting the 
protected content by a first content 
encryption key in a first secure 
environment (SEI) of the user device 
(Dl) and by accessing the decrypted 
conxenx in in6 nroi oscuro ciiviiviiiiiic^iii 
(SEI), 


"a secure subsystem that can enable 
control of content use such as displaying, 
encrypting, decrypting,..." col. 9 lines 20-24 


defining at least one usage right at the 
user device (Dl), the at least one 
defined usage right specifying one or 
more usage restrictions and/or one or 
more usage permissions of the 
content at a recipient device (D2) 


Fig. 2 and col. 76, lines 28-31 


and the at least one defined usage 
right comprising a temporal restriction, 


"an expiration date/time field 986 specifying 
the expiration date and/or time for the rights 
record 

a right ID field 988 identifying a right" col. 
152 lines 52-54 

"Other techniques for time aging may also 
be used, including for example techniques 
that use only user or site information, 
absolute points in time, and/or duration of 
time related to a subset of activities related 
to using or decrypting VDE secured content 
or the use of the VDE system" col. 129 lines 
20-25 


verifying that the at least one defined 
usage right is a subset of the one or 
more first usage rights, 


"allows user to customize their access rights 
by selecting a subset of rights authorized by 
a corresponding PERC" col. 156 lines 23-24 
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generating at the user device (Dl) 
integrity protection infomnation for the 
at least one defined usage right, 


"limits as specified by a PERC (permissions 
record) ... The resulting PERCs and/or URTs 
may be signed (e.g., using digital 
signatures)..." col. 246 lines 13-19 
"Seals may be employed as check values in 
database records (e.g.. in PERC 808) and 
similar applications." col. 215 lines 60-62 

neiTiGirKS. ci oignciiuio lo dii iiiicyiiiy 
protection of the PERCs (rights). 


encrypting the content with a content 
encryption key, 


"... distributed content (to, for many content 
applications, employ one or more content 
encryption keys that are unique to the 

opcOlllV./ V L^E-. 11 lolalldlllJI 1 CL\\\JU\J\ LiOd^j piivcxic? 

key techniques such as triple DES to encrypt 
content,..." col. 21 line 62 to col. 22 line 12 


encrypting the content encryption key 
with a key encryption key associated 
witn the recipient aevice ana/or 
an operator of the recipient device 

(D2), 


"Alternately, the key blocks 810 can be 
encrypted with the end user's public key" col. 

iOft linPQ Rc^-RR anH Fin 17 


communicating the encrypted content, 
the at least one defined usage right, 

fho onnrv/nt^rl pnntpnt pnnrx/Dtion kev. 

and the integrity protection information 
to the recipient device 


Fig. 2 and 86, 

"users may still be able to transfer some or 
all usage rights to another electronic 
appliance 600, " col. 332 lines 20-24 


restricting the one or more first usage 
rights in consequence of the definition 
and/or the communication of the at 
least one defined usage right to the 
recipient device (D2), 


Remark: "Transfer" implies that the 
originating device does not have the rights 
anymore, so the first rights are restricted. 
Othenwise it would be a copy. 
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verifying at tlie recipient device (D2) 

th^ int^nriti/ nf thA at Ipp^t nnp ri^finsrl 

usage right based on the integrity 
protection information 


"PERCs may be signed" col. 246 lines 13-19 

Remark: A signature is intended to be 
checked, otherwise it would make no sense 
adding a signature. 


rlQr*r\/ntinn at tho ro/^iniorit Ho\/ir»p (C\^\ 
Ucwiypllfiy cii LI lo 1 c^LrliJicl 11 vJc^Vlv^o yyJ^j 

the encrypted content encryption key 
with a decryption key corresponding to 
the key encryption key, 


Fin nnrl f\7 


decrypting the encrypted content with 
the content encryption key in a secure 

device 


Fig. 66 and 67 


applying the at least one defined 
usage right to the content in the 
secure environment (SE2), and 
using the content at the recipient 
device (D2) according to the applied at 
least one usage right, 


"Even if a consumer has a copy of a video 
program, she cannot watch or copy the 
program unless she has "rules and controls" 
that authorize use of the program. She can 
use the program only as permitted by the 
"rules and controls." col. 53 lines 60-63 



2.2 The subject-matter of claim 1 therefore differs from this known digital document 
system of Dl In that 

it abolishes the restriction of the one or more first usage rights when the temporal 
restriction expires. 



2.3 The problem to be solved by this feature may therefore be regarded as how to re- 
enable the use of the content for device 1 after the content is no longer lent to device 
2. 

2.4 This problem is not considered to represent a technical problem, because the 
procedure of lending something to someone is clearly business related. The person 
skilled in the art would just be confronted with the problem and asked to modify the 
system of D1 to enable this business requirements, therefore not involving any 
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2.5 In the case that someone would consider this business related requirements as 
inventive, D2 describes on page 12 line 29 to page 13 line 4: 

"If the penmission is lent or leased, the procedure also specifies that the secret 
key is associated with matching expiration times 1028 and 102R (e. g., each 
corresponding to a twoweel< period) at the sender and recipient computers, 
respectively, so that the secret key cannot be used (and therefore the data item 
cannot be used) at the sender computer until expiration time 102S is reached, 
and can be used at the recipient computer only until expiration time 1 02R is 
reached. In this way, the pennission is effectively retumed to the sender 
computer from the recipient computer when the expiration time is reached" 

2.6 Consequently, the skilled person would arrive at all features of claim 1 without any 
inventive activity. 

3 The independent claims 10, 20, 25 and 27 define the program and device 
corresponding to the method of claim 1 . Therefore the same objection as above 
applies correspondingly to these claims. 

4 The additional features of the dependent claims appear to be either known from D1 
and D2 or usually applied methods in the field of DRM and, consequently, do not lead 
to an inventive subject matter (Article 33 PCT). 
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Claims 

1 . Method for control of usage of content, wherein protected content exists 
being usage restricted by one or more first usage rights speciiying one or 
5 more usage restrictions and/or one or more usage permissions of the 

protected content at a user device (D1), the method comprising the steps 
of 

obtaining the content at the user device (D1) from the 
protected content in accordance with the one or more first 
1 0 usage rights by decrypting the proteclisd content by a first 

content encryption key in a first secure environment (SE1) of 
the user device <D1) and by accessing the decrypted content in 
the first secure environment (SE1). 

defining at least one usage right at the user device (D1 ), the at 

1 5 least one defined usage right spedf/ing one or more usage 

restrictions and/or one or more usage pennissions of the 
content at a recipient device (D2) and the at least one deHned 
usage right conr^nsing a temporal restiction, 
.verifying that the at least one defined usage right is a subset of 

20 the one or more first usage righte, 

generating at the user device (D1 ) integrity protection 
information for the at least one defined usage right 
encrypting the content with a content encryption l<ey, 
encrypting the content encryption I<ey with a Icey encryption 

25 key associated with the recipient device (D2) and/or an 

operator of the recipient device (D2), 
cbmmunkrating the encrypted content, tiie at least one defined 
usage right, the encrypted content encryption key, and the 
integrity protection information to the incipient d&nce (D2), 

30 - restricting the one or more first usage rights in consequence of 

the definition and/or the communication of the at least one 
defined usage right to the recipient device (D2), 



verifying at ihe recipient device (D2) tine int^rity of ttie at least 
one defined usage right based on the int^rity protection 
Information, 

decrypting at the recipient device (D2) the encrypted content 
5 encryption l<ey yi/ith a decryption key corresponding to the key 

encryption key, 

deor^ting the encrypted content with the content encryption 
Icey in a secure environment <SE2) of the recipient device (D2), 
applying the at least one defined usage itgiit to the content in 
10 the secure environmerrt (SE2), and 

using the content at the recipient device (D2) according to the 
applied at least one usage right, 

abolishing the restriction of the one or more first usage lights 
when the temporal restriction expires. 

15 

2. The method according to claim 1, the method further oomprising the 
steps of 

restricting or blocidng or deleting fhe at least one defined 
usage right at the rtedpient device (D2) before the expiry of file 
20 temporal restriction, 

communicating an indication of the restricting or blocking or 
deleting to the user device (D1). 

3. The method according to claim 2, further comprising the step of 

25 generating by the recipient device (D2) at least one received usage right 

that is a subset of the at least one denned usage right for the indication. 

4. The method according to claim 3, further comprising the steps of 

applying ihe at least one received usage right at the user 
30 device (D1) until the ^iry of the temporal restriction. 



5. The method a<^rding to claim 3, further comprising the steps of 



recognizing by the user device (D1) that the at least one 
received usage right relates to the at least one defined usage 
right and 

using the content at the user device pi) aocortjfng to the at 
5 least one first usage right even within the time upon the 

expiration of the temporal lestrictlon. 

6. The m^hod according to any of the preceding claims, wherein the step 
of communicating the at least one defined usage right to the recipient 
1 0 device (D2) is executed by 

communicating the at least one defined usage right from the 
user device (D1) to a rights server (DS), 
associating by the rights sen/er (DS) the at least one defined 
usage right with authorization information Indicating a rights 
^ issuer authorization for the at least one defined usage right to 

the recipient device (D2), 

communicating the at least one defined usage right and the 
authorization information ftom the rights server (DS) to the 
recipient device (D2), 
20 and the recipient device (D2) verifies the rights issuer authorization 

based on the received authorization information. 

7. The metiiod according to any of the prsceding claims further comprising 
the step of communicating to a charging server an indication about the 

26 oommunicaflon of the at least one defined usage right. 

8. The metiiod according to any of ttie preceding claim, wherein an Input 
unit of the user device (D1) receives at least one instruction from a user 
for defining the at least one usage right. 

30 

9. The metiiod according to any of tiie preceding claims furtiier comprising 
tile step of defining at least one furtiier usage right for at least one fijrther 
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recipient device for controlling the usage of the content at the at least 
one further device. 

10. A user device (D1) for controlling a usage of content at a recipient device 
(D2), the user device (D1) comprising at least a transmission unit and a 
processing unit, wherein protected content exists being usage restricted 
by one or more firet usage rights specifying one or more usage 
restrictions and/or one or more usage pemilssrons of the protected 
content at the user device (D1), and the processing unit is adapted to 
obtain the content from the protected content in accordance with the one 
or more first usage rights by decrypting the protected content with a first 
content encryption key in a first secure environment (SE1) of the user 
device (D1) and by accessing the decrypted content in the first secure 
environment (SE1), to define at least one usage right speciiying one or 
more usage restrictions and/br one or more usage permissions of the 
content at the recipient device (D2), the at least one defined usage right 
comprising a temporal restriction, to verily that the at least one defined 
usage right Is a subset of the one or more first usage rights, to generate 
Integrity protection Infomriation for the at least one defined usage right, to 
encrypt the content with a content encryption k&y, to encrypt the content 
encryption key with a key encryption key associated with the recipient 
device (D2) and/or an operator of the recipient device (D2), the 
transmission unit Is adapted to send the encrypted content, the at least 
one defined usage right, the encrypted content encryption key. and the 
integrity protectfon information to the recipient device (D2), the 
processing unit is adapted to restrict the one or more first usage rights in 
consequence of the definition and/or the communication of the at least 
one defined usage right to the recipient device (D2) and to abolish the 
restriction of the one or more first usage rights the when temporal 
restriction expires. 
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1 1 .The user device according to claim 9. wherein the user device is adapted 
to load the protected content via a receiving unit and to store the 
protected content at a storage and/or to store pre-installed protected 
content at the storage. 

5 

12. The user device according to dalm 9 or 10. ftjrlher comprising a 
receiving unit and the receiving unit is adapted to receive an Indication of 
a restricting or a blocking or a deleting of the at least one defined usage 
rights at the recipient device (D2) before the expiry of the temporal 

10 restriction. 

13. The user device according to claim 12, wherein the indication comprises 
at least one received usage right that is a subset of the at least one 
defined usage right 

15 

14. The user device according to claim 13, wherein the processing unit is 
adapted to apply the at least one received usage right until the expiry of 
the temporal restriction. 

16, The user device according to dalm 13, wherein the user device is 
adapted to recognize that the at least one received usage right relates to 
the at least one defined usage right and to use the content according to 
the at least one first usage right even within the time upon the expiration 
of the temporal restriction. 

16. The user device according to any of the claims 9 to 13, wherein the 
processing unit is adapted to generate an Instruction for a rights sen/er 
(DS) to associate the at least one defined usage right with authorization 
Infonnation indicating a righte issuer authorization for the at least one 
defined usage right to the recipient device (D2) and to communicate the 
at least one defined usage right and the authorization information to the 
recipient device (D2), and the transmission unit is adapted send the 
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Instruction and the at least one defined usage right to the rights server 
(DS). 

17. The user device acooiding to any the clajms 9 to 14, wherein the 
5 transmission unit is adapted to send to a charging server an indication 

about the communication of the at least one defined usage right to the 
recipient device (D2). 

18- The user device according to any of claims 9 to 16. the user device (D1) 
10 further comprising an input unit which is adapted to receive at least one 

instruction from a user and the processing unit Is adapted to define the at 
least one usage right based on the at least one Instmction from the user. 



15 



20 



19. The user device according to any of the claims 9 to 16, wherein the 
processing unit is adapted to define at least one further usage right for at 
least one further recipient device for controlling the usage of the content 
at the at least one further recipient device. 

20. A recipient device (D2) for a controlled usage of content, the recipient 
device (D2) comprising at least a receiving unit and processing unit, 
wherein the receiving unit Is adapted to receive the content being 
encrypted by a content encryption key, at least one defined usage right 
speciiyfng one or more usage restrictions and/or usage permissions of 
the content and the at least one defined usage right comprising a 
temporal restriction, a content encryption key being encrypted by a key 
encryption key associated with the recipient device (D2) and/or an 
operator of the recipient device (D2), and Integrity protection information 
for the at least one defined usage right, the processing unit is adapted to 
verify the Integrity of the at least one usage right based on the integrity 
protection infbnnation, to decrypt the encrypted content encryption key 
with a decryption key oon^espondlhg to the key encryption key, to decrypt 
the encrypted content with the content encryption key In a secure 
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environment (SE2), to apply the at least one defined usage right to the 
content in the secure environment (SE2), and to use the content 
according to the applied at least one defined usage right. 

5 21.The recipient device according to claim 18. wherein the processing unit is 
adapted to generate an alert If the integrity of the at least one defined 
usage right is violated and to Initiate an Indication of the alert at an output 
unit. 



10 



22. The recipient device according to claim 18 or 19 further comprising a 
transmission unit and the processing unit is adapted to restrict or block or 
delete the at least one defined usage right before the tempoial restriction 
expires and to generate an Indication of the restricting or the blocking or 
the deleting, and the transmission unit is adapted to send the indteation 

IS to the user device (D1). 

23. The recipient device according to claim 22, wherein the processing unit is 
adapted to generate at least one received usage right that Is a subset of 
the at least one defined usage right for the indication. 

20 

24. The recipient device according to any of the claims 20 to 23. wherein the 
receiving unit is adapted to receive the at least one defined usage right 
and associated authorization Infontiation indicating a rights issuer 
authorization fhsm a rights server (DS) and the processing unit is adapted 

25 to veriiy the rights issuer authorization based on the received 

authorization information. 

25. Computer program loadable into a processing unit of a user devfee (D1), 
the computer program comprising code adapted to «cecule a process for 

30 obtaining of content from protected content, the protected content being 

usage restricted by one or more first usage rights specifying one or more 
usage restrictions and/or one or more usage pemilssions of the prxrfected 
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content at the user device (D1) wherein the content is obtained m>m the 
protected content in accordance with the one or more first usage rights 
by decrypting the protected content by a first content encryption key In a 
first secure environment (SE1) of the user device (D1) and by accessing 
the decrypted content In the first secure environment (SE1), to execute a 
process for defining at least one usage right specifying one or more 
usage restrictions and/or one or more usage pemiisslons of the content 
at a recipient device (D2) with the at least one defined usage right 
comprising a temporal restrictfon, to execute a process for verifying that 
the at least one defined usage right is a subset of the one or more first 
usage rights, to execute a process for generating integrity protection 
Infomiation for the at least one defined usage right, to execute a process 
for encrypting the content with a content encryption Icey, to execute a 
process for encrypting the content encryption Ic^ wifli a Icey encryption 
key associated witti the recipient device (D2) and/or an operator of the 
recipient device (D2), and to initiate a process for a communication of the 
encrypted content, the at least one defined usage right, the encrypted 
content encryption key, and tile integrity protecti'on infomiation to the 
recipient device (D2), to execute a process for restricting the one or more 
first usage righte In consequence of the definition and/or the 
communication of the at least one defined usage right to the recipient 
device (D2), and to execute a process for abolishing the restriction of the 
one or more first usage rights when tiie temporal restiioHon expires. 

26. The computer program according to claim 25, wherein the code is 
adapted to execute steps of the method according to any of the claims 1 
to 9 as far as related to the user device (D1). 

27. A computer program loadable Into a processing unit of a recipient device 
(D2), the computer program comprising code adapted to execute a 
process for a verification of the integrity of at least one defined usage 
right based on Integrity protection Infomiation for the at least one defined 
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usage right, the at least one defined usage right specifying one or more 
usage restrictions and/or usage permissions for the usage of content and 
the at least one defined usage riglit comprising a temporal restriction, to 
execute with a decryption key a process for a decryption of an encrypted 
5 content enayption key being encrypted by a key encryption key 

associated with the recipient device (D2) and/or an operator of the 
recipient device (D2), the decryption key corresponding to the key 
encryption key, to execute in a secure environment with the content 
encryption key a process for a decryption of the encrypted content being 
10 encrypted with the content encryption key, to execute a process for 

applying the at least one defined usage right to the content in the secure 
environment (SE2) and to control a process for using the content 
according to the applied at least one defined usage right. 

15 28. The computer program according to dalm 27. wherein the code is 

adapted to execute steps of the method according to any of the claims 1 
to 9 as far as related to the recipient device (D2). 
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